BitSpace EOS Block Producer DevOps and Security Update

Introduction

As we near the launch of the EOS mainnet, BitSpace has been working with a team of DevOps and security experts from Praqma. During this period we have started upgrading our architecture plan to enterprise level.

We aim to constantly enhance our standards. Leveraging our experience with previous DPOS systems such as Bitshares and Steem and collaborating with experienced IT consultancy firms allows us to add an extra layer of expertise to the Block Producer server infrastructure.

Our aim with this post is to provide valuable information to the EOS ecosystem and fellow Block Producer candidates, and do our part in the community tech debate. The results outlined below do not jeopardize our security measures and are intended for informational purposes only. This report is focused on running a Block Producer, not on launch practices.

Architecture

Our Block Producer at Green Mountain will be completely isolated from the outside world. Two high-speed lines and VPN connections will connect it to multiple seed nodes in the cloud (see diagram below).

The seed nodes in the cloud will be using the latest cloud-based DDoS protection systems available today. We will be using multiple clusters of seed nodes spread throughout multiple cloud providers and again spread over multiple regions. This makes an attack very hard to coordinate. If a cluster is compromised, it can be shut down and all traffic passed over to an alternate cluster.

Within each of our seed node clusters we will have multiple seed nodes running behind a load balancer, a NAT gateway and a Jumpbox. A Jumpbox is a secure computer that all admins connect to first before launching any administrative task, and that they use as the origination point for connecting to other servers or untrusted environments. A NAT gateway lets instances in a private subnet connect to the internet or other cloud services, while preventing the internet from initiating a connection to those instances.
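The access paths described above can be written down as an allow-list and checked against a cluster's inbound firewall rules. The following is an added example, not BitSpace's configuration: the tier names, addresses, ports and sample rules are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption; the post gives no addresses).
JUMPBOX = ipaddress.ip_network("10.0.0.10/32")
LOAD_BALANCER = ipaddress.ip_network("10.0.0.20/32")
ADMIN_VPN = ipaddress.ip_network("10.8.0.0/24")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")
SSH_PORT, P2P_PORT = 22, 9876  # port numbers are assumptions

# Who may open a connection to which tier, following the post's description:
# admins reach only the Jumpbox, seed nodes are reached only through the
# Jumpbox (admin) or the load balancer (p2p), never directly from outside.
ALLOWED = {
    ("jumpbox", SSH_PORT): [ADMIN_VPN],
    ("seed", SSH_PORT): [JUMPBOX],
    ("seed", P2P_PORT): [LOAD_BALANCER],
    ("lb", P2P_PORT): [ANYWHERE],
}

def audit(rules):
    """Return every inbound rule (tier, port, source) that the allow-list
    does not cover. A source is covered only if it lies entirely inside one
    of the permitted networks for that tier and port."""
    violations = []
    for tier, port, source in rules:
        src = ipaddress.ip_network(source)
        permitted = ALLOWED.get((tier, port), [])
        covered = any(src.version == net.version and src.subnet_of(net)
                      for net in permitted)
        if not covered:
            violations.append((tier, port, source))
    return violations

# Constructed sample rule sets.
GOOD_RULES = [
    ("jumpbox", 22, "10.8.0.0/24"),
    ("seed", 22, "10.0.0.10/32"),
    ("seed", 9876, "10.0.0.20/32"),
    ("lb", 9876, "0.0.0.0/0"),
]
DRIFTED_RULES = GOOD_RULES + [
    ("seed", 22, "0.0.0.0/0"),      # SSH to a private node bypassing the Jumpbox
    ("jumpbox", 22, "0.0.0.0/0"),   # Jumpbox reachable from outside the admin VPN
    ("seed", 8888, "10.0.0.20/32"), # port with no entry in the allow-list
]

if __name__ == "__main__":
    for v in audit(DRIFTED_RULES):
        print("violation:", v)
```

Run against an export of the real rules on a schedule, a check like this catches drift such as a temporary "open SSH" rule that was never removed.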

In addition, we will have one primary physical seed node cluster close to Green Mountain with a similar non-cloud setup. The Block Producer will sit behind an IPv6 connection which will only be known to the admins of BitSpace. That way it is not traceable from the internet.

Throughout all of this the Block Producer will be isolated and protected with its own physical firewalls and DDoS systems. Redundant BPs with their own VPNs will be waiting in an alternate location in the unlikely case that the primary BP is compromised or fails.

The BitSpace DevOps and Security architecture is a work in progress and under constant development. We will post updates as we make changes and improvements to the proposition. We welcome feedback from the EOS community and actively encourage discussion around the choices we have made so far.

BitSpace looks forward to a successful launch and we hope the EOS community can benefit from the information provided. Go EOS!

They do it excellently. Every time you learn something more about the EOS ecosystem, and without a doubt you have me very anxious about its launch. You make an extraordinary relationship, Bitspace with Block Producers. I expect a lot of you guys; I feel that this will be a big project full of success.


EOS is a great coin, Dan Larimer always gives us great progress in the space of the blockchain and I believe that we should wait until Steemit leaves the beta mode to see its real potential! Great project guys, I will definitely be checking it out soon, cryptocurrencies are a form of economic anarchism! Upvoted and resteemed! :D


I am more bullish on Steem than any other cryptocurrency, especially with the latest grading system made public by China and a B+ rating given by Weiss. Nothing compares to Steem now and it is only a matter of time. I now only stick with the best blockchain.


Great post guys, here at EOS UK we are very jealous of your Green Mountain. We want our own Green Mountain! (Mind you I was just looking at their website and noticed this which you might want to mention to them.)

You still can't beat having a DC inside a mountain though, that is so cool!
All the best for the launch later and voting :-)

Similar to the above-mentioned, hedge funds are interested in cryptocurrency, and management companies and households are beginning to recognize it. Not so long ago, there was news that a management company in the United States had opened an investment bitcoin fund for its customers, which made many interested in it. This happened in 2016. This asset class is completely new - just a couple of years ago it simply did not exist. In that fund, the maximum amount that could be invested by one client, $50,000, was set. This is a rarity, because you cannot find an organization that would set such limits on the size of the contributions of its members. But, in our opinion, this method is the simplest in terms of risk control. There simply is an allowable amount that can be lost, and the contribution is limited to it. Investment companies often complain about the short-term focus of their clients. But such a focus becomes clear when failures in investment issues can adversely affect their lives. Nevertheless, all places available for investment in the funds were sold in a short time.


Yes, we are all waiting for the launch of EOS and we are counting the days, because EOS is a well-awaited project, and this post clearly reflects how the Bitspace team is working with Block Producers to make the EOS ecosystem stronger. And thanks for introducing us to the architecture, it's a clear picture of how strong the Blockchain system is. Thanks for sharing this post with us and wishing you a great day, team. Stay blessed. 🙂


Great work, a few questions from my perspective: How is access to the jump box controlled? The API needs to be authenticating calls and checking for authorization for every fetch from the database. Where are the firewalls? SSH needs to be V2, secured authorized keys. What symmetric key size and algorithm is the VPN using? Just food for thought, as security is paramount, which I'm sure you guys are aware of :-)
